Hello, As per Meraki documentation "Client VPN does not natively support two-factor auth, a third-party solution is required for this configuration", which basically means that the system can only have one authentication source. All "third-party solutions" are acting as LDAP or RADIUS proxy and clients basically send both LDAP password and OTP as a single password. I would like to reference a solution that is not listed by meraki and does exactly the same acting as an LDAP proxy accessed via RADIUS protocol. There is however one advantage, which is the possibility to implement self-service enrollment of the second factor. More information here. Disclaimer: I am affiliated with Token2, I hope I did not break any community rules here.
... View more